Secure filesystem permissions for *nix shared hosting server?

[Superwormy]

If you're setting up a Linux system to do shared hosting, is there a way to set the file/directory permissions so that everyone *can't* read everyone else's files?

Right now, my hosting account is set up chmod a+rx so that Apache can read the files in the /home/username/public_html/ directories.

But then, everyone else can read my files too...?

 

[Fallen Kell]

Well, if Apache is hosting out the file, then yes, everyone will be able to read the file(s).... If you don't want people reading stuff, do not include the "x" on the directory and no one but you, or root will be able to enter the directory. If you are trying to do secured/passworded section of a site in Apache, you need to look at .htaccess or something similar.

If this is your own server, well, then you should be running Apache as an apache username and apache group, and in which case, the files/directories that hold your website pages should be owned by apache:apache, not your own user account.

 

[Superwormy]

Isn't the file being owned by apache *even worse*. That means that Apache (and thus any scripts that run inside Apache (i.e. PHP)) have write access to all of your web files. Not what I want to happen...

I'll look into making the directories not x. Thanks.

 

[Superwormy]

And o-x doesn't seem to do the trick either... it denies access to all of the files to Apache, so Apache can't serve anything then.

 

[Nothinman]

You could change the owning group to apache (or httpd or whatever your distro uses) so it can read the files then remove o-rwx from them.

 

[Superwormy]

Alright, I'll check that out too. Thanks.